Introduction
When conducting a search or a seizure it is necessary to preserve the data or information during the process of investigation. Historically, the consequences of computer crimes have involved a limited number of victims and investigations. However, this trend is changing and the impacts of the digital evidence within the conventional crime investigations have become widespread. The investigations within the private and public contexts are likely to incorporate seizure, as well as, preservation and analysis of digital information. Thus, it is necessary to have an integral mechanism to form part of the investigation process (Casey, 2011).
The data that can be obtained is of immense significance in court cases since they contain data that can be relayed electronically (Norton, 2011). These are latent evidence obtained when retrieved from the physical objects that contain them. A computer device such as software contains very delicate information that can be disrupted. Failure to deal with this information or data appropriately may lead to unusable or inaccurate decision on a criminal case. Thus, it is important to device a method of investigation that may enhance the preservation and maintenance of the integrity of the evidence (Casey, 2011).
In a crime scene, a suspect may invoke a program that can interfere with system or data files. Moreover, a single action on the targeted system could most likely affect the system files. Therefore, it is crucial for investigators experienced in the seizure of a computer evidence to preserve and seize the system. When there is nobody around, the monitor should be inspected. When there is an indication of formatting, the power plug should be pulled off very quickly. As a result, shutting down a computer requires making decision that usually depends on several parameters such as experience of the investigator as well as the type of the computer (Wilkinson, 2011).
Problem statement
Due to technological advancements, computers can be used to commission crime, act as evidence of crime, as well as, targets of crime. Thus, it is important to understand the nature of evidence that can be retrieved from the storage devices and how to process the crime scene.
Turning off a computer have merits and demerits’, hence it is important to decide if the attempt may protect the data contained in the RAM that forms the fragile memory part of a computer by considering the risks that may be involved in accidentally and unintentionally destroying the files or activating a hotkey (Wilkinson, 2011). When power is plugged off from the computer, all the data in the Random Access Memory gets lost and cannot be retrieved easily.
Methodology
This study used both primary and secondary sources. For instance, information obtained from public records, opinions from expert investigators, journal articles, case studies from previous experiences, as well as, the experience from the orange county computer forensic unit. The experiences of personnel attending crime scenes and have made an initial contact with a criminal during securing or seizing an equipment from crime scenes with an aim of recovering a computer related evidence and identifying data necessary to investigate a computer related crime.
The staff responsible for recovering evidence came from the Oregon County. The study also involved external witnesses whose services are very significant in the recovery, identification, as well as, interpretation of any computer based electronic evidence.
Findings
The study indicates that computer seizure enables valuable crime evidence to be obtained and should therefore, be treated the same as traditional forensic evidence. The method of retrieving computer data while focusing on the continuity of the evidence as well as the integrity of investigation is very complex and costly.
The experiences studied demonstrate that when computer based investigation is done correctly it provides a compelling and cost effective evidence. However, the evidences are very delicate in nature since they destroyed or changed. Therefore, it is very important to be very cautious when documenting, collecting, preserving, and examining this type of evidence
Analysis
Considering the basic elements of a computer, it is not advisable to pull the plug of networked computers without the presence of a computer specialist since failure to shut down the computer network correctly may tamper with the system and destroy all the data and other important business records. Thus, it is very important to seek assistance from a computer specialist. On the other hand, other portable devices may lose vital data when power is plugged off. Thus, when power is plugged off from a running system, any vital evidence that is stored in the encrypted volumes will be never be recovered unless the relevant key is found.
It is also important to note that any potential important data may be destroyed that may damage the claims, such as the corporate data. In addition, for the retrieval of evidence, the study revealed that the main unit, the monitor, keyboard and the mouse, the leads, power supply units, hard disks, modems, flash disks, dongles and modems, the floppy disks, cameras, routers, backup tapes, CD’s, cartridges, the memory sticks and the memory cards should be seized (Department of Justice, 2002).
Conclusion and recommendations
Based on the study, it is evident that computers have been used in committing crimes and can store vital information when used by a crime victim or a subject. The importance of computers should not be taken for granted at a crime scene. Caution should be observed when collecting computer related evidence, which is very crucial because they are very delicate. When collecting evidence necessary to ascertain that the system is switched off. All the materials attached to the system should be seized, as well as, any, material that may have a password that may provide evidence.
When collecting evidence all power cable should have a mark and should be disconnect from ports. It is necessary to make hand sketches to assist in setting the systems later. Moreover, it is useful to take pictures that might be helpful in documenting the entire scene in general. The seized materials should be properly marked and if possible, the personnel involved should be noted.
Consequently, if a forensic examination is required, a request should be made immediately since it will assist in the determination of the criminal evidence and specific issues that are relevant to the overall investigation. As such, several factors are essential in achieving these goals. These include special materials as well as external help (Department of Justice, 2002).
References
Casey, E. (2011). Digital Evidence and Computer Crime. Forensic Science, Computers, and the Internet. New York: Academic Press.
Department of Justice (2002). Electronic Evidence and Search & Seizure Legal Resources. Computer Crime & Intellectual Property Section: United States Department of Justice. Web.
Norton, Q. (2011). Byte Rights: A New McCarthyism. Maximum PC. Web.
Wilkinson, S. (2011). Good Practice Guide for Computer-Based Electronic Evidence. Metropolitan Police Service, E-Crime Working GROUP. Web.